[Erp5-users] how to design security
gunjan jhunjhunwala
gunjan02 at gmail.com
Thu Jun 21 10:54:27 CEST 2007
hi,
I am a novice in erp5 and I'm trying to study it from the wiki and other
docs around the web.
According to Base_setDefaultSecurity[1], it says that associate has only the
common functions but not the power to modify.
common_permission_list = [p for p in [
'Access Transient Objects',
'Access contents information',
'Access session data',
'List folder contents',
'View',
'View History',
] if p in permission_list]
# Define ERP5 permissions for each role
erp5_role_dict = {
'Assignee': common_permission_list,
'Assignor': common_permission_list + author_permission_list +\
assignor_permission_list,
'Associate': common_permission_list,
'Auditor' : common_permission_list,
'Author': common_permission_list + author_permission_list,
'Manager': permission_list
}
But according to wiki, in the given example in How to design Security[2],it
gives Associate the power to modify.
draft - Associate (VM), Auditor (V)
I think Associate should be replaced with Assignee in above case or wiki
document[2] should redefine the common_permission_list.
Please let me know about your opinion.
[1]
http://svn.erp5.org/*checkout*/erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml?revision=11320&content-type=text%2Fplain
[2] http://wiki.erp5.org/HowToDesignSecurity
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.tiolive.com/pipermail/erp5-users/attachments/20070621/c969ead9/attachment.htm>
More information about the Erp5-users
mailing list